ABOUT EVENTS & RESOURCES

Learn more about the issues affecting our industry at one of our upcoming events or through our blog.

 

 

Event: Successful Strategies for QA-Based Security Testing

Successful Strategies for QA-Based Security Testing

November 8, 2011
1:30 PM to 4:00 PM

Involving the QA organization in a software security assurance program is critical, yet it’s incredibly difficult to find a magic formula that is both effective, and not overly taxing on the QA organization. The key issue is that fundamentally—while security and QA are both testing functions—they couldn’t be any more different.

QA tests applications for known features and functions, while security is tasked with testing the unintended features that developers program into their code. Testing for ‘unknowns’ is incredibly difficult, but what if security testing was split up in ways that were both defined and undefined? The defined components could be tested, while the undefined could be left to the ethical hackers to test.

This talk addresses the practicality of having a ‘testable security requirement’ for all manner of application development lifecycles.

Key Learning Objectives

  • Splitting ‘security’ into 2 separate tasks, a defined and undefined problem space
  • Creating and managing sound security requirements, and executing tests against them
  • Using security defects, incident response as future security requirements effectively

About the Speaker

Rafal Los: Rafal is the Web Application Security Evangelist for the HP Software & Solutions business at Hewlett-Packard. Rafal is responsible for bridging gaps between security technologies and business needs. He also focuses on demonstrating business value from risk reduction through measurable gains in enterprise web application security solutions on behalf of the HP Application Security Center group.

Rafal has spent over 10 years in various facets of information security and data protection, building programs at companies ranging from startups to Fortune 50 enterprises. He is a frequent speaker at security conferences and quality events. He contributes regularly to organizations such as the Open Web Application Security Project (OWASP) and others promoting education, openness and standards.

Sponsor and Location:
TAP Group
Willis Tower – 233 South Wacker Drive, 33rd Floor
Chicago, IL 60606
Please check in with security at first level front desk. Photo identification is required.

Agenda
1:00 PM – 1:30 PM Sign-in and Networking (Please do not arrive prior to 1:00 PM)
1:30 PM – 1:45 PM Welcome and CQAA Announcements
1:45 PM – 4:00 PM Presentation (15 minute break at 2:45 PM)

Registration: Registration is required to attend this program. You must be on the registration list for entry into the building. To register, click here. The registration deadline is Monday, November 7, 2011.

Questions: If you have any questions, please contact CQAA Program Director at programs@cqaa.org. For more information, please visit www.cqaa.org.

 
CASE STUDIES

Quality Strategy and Roadmap
When a company in the healthcare industry combined separate IT groups, it needed common software delivery practices and project engagement rules… >>

Software Testing Outsourcing
A custom communications provider in healthcare and financial services was pursuing an aggressive timeline to complete a platform conversion, raising concerns about service quality… >>

HOT JOBS
Interested in reviewing our current job openings or submitting a resume?

Click Here

Part Of SPR COMPANIES
© 2012 SPR Companies. All rights reserved. About | Talent | Solutions | Case Studies | Events & Resources | Careers | Site Map | Legal/Privacy Policy